A Surge of Cyberattacks on Maritime Companies: What You Need to Know

In recent weeks, the maritime industry has witnessed a concerning uptick in cyberattacks. We see attacks on both shipping companies and ports, as well as on other critical infrastructure such as energy facilities, railways, and airports.

Recent Maritime cyber attacks

For example, just in the last month and a half we saw more than 10 attacks on various facilities in the maritime sector, mostly ports. This is an attack every 3 days!

Examples of countries that were hit:

  • Sweden
  • Italy
  • The Netherlands
  • Moldova
  • Bulgaria
  • Croatia
  • Albania
  • Pakistan
  • Poland

And more.

Other critical cyber risks that shipping companies need to address immediately

In addition to hackers specifically targeting maritime assets, security researchers recently unveiled critical vulnerabilities in software from major router providers Cisco and Fortinet, as well as in F5 VPN. Examples of affected products are Cisco IOS XE software, Fortinet (multiple modules, including FortiManager software, FortiSIEM, FortiEDR, FortiSandbox and others) and BIG-IP from F5. A whopping 84 advisories were issued for F5, 81 advisories for Cisco products and 35 advisories for Fortinet products in less than a month!

Cisco and Fortinet routers are also quite common among maritime companies, so IT managers should update their router software immediately.

Another important critical vulnerability that was found to be actively exploited (and patched since September) involves all major internet browsers (Google Chrome, Mozilla Firefox, Microsoft Edge, Apple’s Safari etc.). Just go to Settings -> Help -> About and the browsers will usually update automatically.

The potential damage from these cyberattacks – and what you can do to be protected

As you can see, most of the attacks on maritime companies, just like all attacks, are DDoS (considered to be 40% of all attacks) and ransomware (considered to be 25% of all attacks). Let’s break down those two types of attacks.

DDoS

What is DDoS?

In short, this means that a very large number of compromised computers try to access the website or interface at the same time. How large? Microsoft said in 2022 that it stopped the largest-ever DDoS attack, which included data transfer of 3.47 terabytes per second originating from 10,000 computers. Without proper DDoS prevention measures, websites and interfaces can be taken down, denying service to clients, and in some cases this also opens up other exploitation risks.

Most of the attacks we saw were DDoS – Distributed Denial of Service attacks. This is not unique to the maritime sector – Microsoft researchers say they see a 300% increase in the number of DDoS attacks every year.

DDoS statistics:

  • The average cost of a DDoS attack to an organization is $50,000.
  • The largest DDoS ever reported involved traffic of 3.47 terabytes per second (Tbps).
  • In 2021, the average DDoS attack lasted 30 minutes; a year later, that almost doubled to 50 hours on average.
  • The longest DDoS attack on record lasted 2 weeks.
  • Ransom DDoS is when attackers demand a ransom to stop the DDoS attack. One study found that 25% of DDoS attacks include a ransom.

 

Ransomware

What is ransomware?

Ransomware is a cyber data breach where attackers penetrate the victim’s network (by exploiting vulnerabilities, through phishing or other social engineering, etc.), take control of files and other information, encrypt them and claim they will release the decryption key only upon a ransom payment.

While DDoS typically shuts down access to the website, and in some cases disrupts operation for a short time (typically hours), ransomware attacks are actual data breaches. Ransomware attacks are less common than DDoS, but much more damaging – experts claim that 30% of US companies close down after falling victim to ransomware, and others say that 30% of small businesses close within 6 months of a data breach!

We recently saw how a ransomware attack managed to shut down operation in the Port of Nagoya, Japan, for more than 3 days. We wrote a detailed analysis of this incident and how shipping companies can prevent such attacks – available here.

Ransomware statistics:

  • September 2023 saw the highest number of ransomware attacks ever.
  • The average ransom in 2023 is $1.5, double from 2022.
  • In 2022 there were 500 million ransomware attacks and research finds a 93% increase in the number of victims in 2023 compared to 2022.
  • The average downtime from a ransomware attack is 22 days.
  • 80% of organizations that agreed to pay a ransom experienced another attack.
  • Research found that while ransomware was involved in about 50% of all cyber insurance claims, 42% of respondents said cyber insurance did not cover all costs.

 

Conclusion

Be alert!

The surge in maritime cyberattacks is a cause for concern. The shipping industry is more vulnerable than ever and is now a significant target of various malicious cyber actors. DDoS attacks and ransomware attacks are among the primary threats, and shipping companies need to make sure they exercise proper training, deploy effective cyber protection systems and create incident response plans.

We urge you to update and patch your Cisco and Fortinet devices, F5 VPNs, operating systems and browsers, and let’s discuss how Cydome can help create a vulnerability assessment for your assets.

Maritime organizations are taking appropriate steps to identify, analyze, assess, and communicate maritime cyber security risks. Contact us to learn how Cydome can help you prevent such unknown vulnerabilities with real-time anomaly detection.
